krb5_verify_user

[Imanuel Greenfeld]

Hello Ben,

Thanks for your advice.

I understand it much better now.

I'm getting a token back from the KDC - it's huge encrypted string.

I need to incorporate that into my HTTP request.  I'm thinking whether it
I'll get through the authentication by adding this to HTTP header.

The HTTP headers I looked at had :- Authorization: Basic <token>

For example : Authorization: Basic YWxhZGRpbjpvcGVuc2VzYW1

Any ideas how I can do that ?  Should I treat is as a string ?

Thanks

Imanuel.


 

-----Original Message-----
From: Benjamin Kaduk [mailto:kaduk at mit.edu] 
Sent: 09 January 2018 00:15
To: Imanuel Greenfeld <imanuel.greenfeld1 at ntlworld.com>
Cc: kerberos at mit.edu
Subject: Re: krb5_verify_user

On Mon, Jan 08, 2018 at 09:49:06PM +0000, Imanuel Greenfeld wrote:
> Hello,
> 
>  
> 
> Hope you're well.
> 
>  
> 
> Happy new year.
> 
>  
> 
> I am looking for krb5_verify_user function under krb5/krb5.h and in 
> fact anywhere but cannot find it.
> 
>  
> 
> I know it's not recommended to use it with the password, but I want to 
> see if I can prove the point.
> 
>  
> 
> I am therefore getting compilation error for the function needing a 
> prototype.
> 
>  
> 
> I'm using 1.16 and also tried on 1.15.2
> 
>  
> 
> Any ideas please ?

krb5_verify_user() is a function in the Heimdal implementation of Kerberos,
but is not present in MIT krb5.

Upon cursory examination, it seems that
krb5_get_init_creds_password() and krb5_verify_init_creds() together might
be a suitable replacement.  Note that it requires the caller to have access
to a service keytab (and the principal name must be specified if it is not
host/<localhost>).

-Ben